Computer use is becoming increasingly complex, as traditional operating systems are under continual attack by a panoply of malicious software agents including viruses, nonviral “malware,” adware, spyware, and Web browser hijackers. Viral and nonviral threats are very serious concerns for consumers, service providers, help desks, and computer and software manufacturers. Additionally, operating systems may contain inefficiencies and errors that cause them to fail when a user runs a program or takes other seemingly innocuous actions. Consumer phone calls to help centers regarding spyware and adware typically require significant troubleshooting time. Usually the complaint is that the computer is performing slowly. Consumers often do not understand the differences among adware, spyware, worms, and viruses—and the lack of knowledge costs Internet service providers significant money.
Problems may arise on certain computer systems as a result of various kinds of user actions that trigger the installation of malicious software or computer registry changes. For example, a user may browse a web site, and malicious adware or spyware may then be installed on the user's system. Normally, a user (or an IT department of a company) does not know what web page is the source of the malicious software. Once the source is known, it is possible to block or quarantine access to that site manually or automatically. The problem may not appear when the user visits a web site, but might appear when the user clicks a link from that web site that redirects the browser, in a nonobvious manner, to another site that contains the offending software.
Generally, if a computer expert has knowledge of a sequence of steps prior to the detection of a problem, knowledge of this sequence of steps can be used to pinpoint the cause of the problem. However, it is not always clear which one of a number of steps or events prior to a problem is the true cause of the problem. Thus, it becomes beneficial to examine the sequence of steps on several or many other systems for which another user, or the system itself, determines that a problem has occurred. When the problem occurs on more than one machine on a network, a system can query the other machines for the sequence of steps that led to the problem. The system can then compare and contrast the steps on these other machines to derive a probable common root cause with high likelihood.
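The comparison described above can be sketched as follows. This is an added example, not code from the original document: the event names, the `PROBLEM_DETECTED` marker, the five-step window, and the use of healthy machines as a baseline for the "contrast" step are all assumptions made for illustration.

```python
from collections import Counter

PROBLEM = "PROBLEM_DETECTED"  # hypothetical marker: where the user or system flagged the problem

def steps_before_problem(log, window=5):
    """Distinct steps in the `window` events that precede the problem marker."""
    if PROBLEM not in log:
        return set()
    idx = log.index(PROBLEM)
    return set(log[max(0, idx - window):idx])

def rank_root_causes(affected_logs, baseline_logs=(), window=5):
    """Score each step as (share of affected machines where it precedes the
    problem) minus (share of healthy machines where it appears at all)."""
    affected = [s for s in (steps_before_problem(l, window) for l in affected_logs) if s]
    if not affected:
        return []
    in_affected = Counter(step for s in affected for step in s)
    in_baseline = Counter(step for l in baseline_logs for step in set(l))
    n_base = max(len(baseline_logs), 1)
    scored = [(step, round(n / len(affected) - in_baseline[step] / n_base, 3))
              for step, n in in_affected.items()]
    # Highest score first; ties broken alphabetically for stable output.
    return sorted(scored, key=lambda item: (-item[1], item[0]))

# Constructed sample logs (not real data); every name below is illustrative.
AFFECTED = [
    ["visit:news.example", "click:banner", "redirect:cdn-offers.example",
     "install:toolbar.exe", PROBLEM],
    ["visit:forum.example", "click:link", "redirect:cdn-offers.example",
     "registry_change:Run", PROBLEM],
    ["visit:news.example", "open:mail", "redirect:cdn-offers.example", PROBLEM],
]
BASELINE = [
    ["visit:news.example", "open:mail"],
    ["visit:forum.example", "click:link"],
]

if __name__ == "__main__":
    for step, score in rank_root_causes(AFFECTED, BASELINE):
        print(f"{score:+.3f}  {step}")
```

In the constructed data the sites the users actually visited differ from machine to machine, while the nonobvious redirect is the only step shared by every affected machine and absent from the healthy ones, so it ranks first.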
As problems such as adware proliferate and computer operating systems become more complex, a growing need has been recognized for systems, methods, and services that can most efficiently and effectively lead users, service providers, companies, help desks, and computer hardware and software manufacturers to determine likely causes of problems encountered in computing systems such as computers, cell phones, PDAs, and other network-connected devices.
Computer terrorism, defined as the act of destroying or corrupting computer systems with the aim of destabilizing a country or applying pressure to a government, is also an area of concern that the system and method can address. Computer terrorism may involve attacks that modify the logic of a computing system in order to introduce delays or to make the system unpredictable. Attacks may also include the modification of information that is entering or exiting the system, without the user's knowledge.